Malicious events from my Tor Exit Router

Earlier this month, my ISP, CondoInternet, called me to inform me of an attack from an IPv4 address belonging to the Tor Exit Router (TER) that I operate. Immediately I was interested because I wanted to verify that the web host was not compromised. Fortunately and unfortunately, since no network traffic is being logged, I wasn’t able to verify any details from a network access perspective. CondoInternet’s NOC was very helpful and understanding: they stated that they are aware of what Tor is, and they forwarded me the 4 complaints that they’ve received since I started running the TER over a year ago. Out of curiosity, I asked their NOC if there were any other TERs on their network; I’m the only one (sad face).

Below are some snippets from emails that CondoInternet’s NOC forwarded me. They stated that they did not want me to contact any of the senders directly, which I’m happy to oblige. The most recent and most serious is first, since prior to this event, CondoInternet hasn’t felt like the malicious activity from the TER has been worth much attention.

CondoInternet has been an amazing ISP. Recently I upgraded to 1 Gbps, and so far I’ve been peaking at around 9.25 MB/s RX and 9.25 MB/s TX. I expect to have more complaints come in as more traffic passes through my TER.

This TER has processed over 160 Terabytes of Tor traffic. The known malicious events discussed above are mere kilobytes of data being transmitted. Open Knowledge Foundation America will continue to support The Tor Project by donating time (skill) and money (bandwidth). A few “bad apples” are not concerning given the state of the internet: authors and readers of information need trusted tools to remain safe online.